SUMMARY:

• 30+ years technical experience includes
• Architecting the design of successful information solutions for organizations
• Cybersecurity, Cyber Warfare
• Teaching: Application System & Database Design on multiple platforms; Standardizing Applications and Database Elements for Uniformity; Structures and Aspects of Data
• Integration of standardized data on different Operating Systems platforms
• Analysis & Design of integrated hardware platforms
• Analysis of COTS product software selection (Best Use Case)
• Awareness of many different national/international frameworks for data security: FERPA, HIPAA, HITRUST, ISO, ITIL, NIST, Confidential CIP, and many others
• Operational knowledge of vulnerability/penetration of web - based interfaces to on-line databases
• Knowledge of multi-layered cybersecurity and SOC-2 center design solutions
• Functions as Project Manager, Application Cyber-Security Analyst and Architect, and/or Hardware Build and Deployment Consultant
• Focus on Best-in-Class deployment of NIST-compliant solutions, evaluating Hacking Vulnerability CHOKE points
• Network-Centric Security
• Data-Centric Security
• Transport Layer Security (data-in-transit) between Database and Transactional Data, including, Protocol Support, Key Exchange, Cipher Strength
• Experience working with al Security requirements, including PII, FERPA, Ed-Fi, and CEDS (Common al Data Standards). (see 2015 project, below)
• Experience as a government sub-contractor to improve network security (see 2011 project, below)
• Expertise working with multiple databases. Knowledgeable in SQL Server 2008 R2 and higher.
• Knowledge of low- and high-level computer programming languages and tools, including C#, Xamarin Studio, SQL, NoSQL, MySQL, SQL Server, and others
• Delivers projects within scope, on-time, and under budget. Project Manager Approach:
• Communications with Stakeholders/End-Users
• Timeline and Milestone Creation
• Schedule meetings to follow up on progress of each project phase with Stakeholders
• Integrate with applicable industry frameworks
• Implement project budget analysis, reporting, and variance controls
• Real-time feedback (impact) to project timeline / budget impact
• Layout Information Flow Matrix
• Design applicable input screens/forms where necessary
• Check feedback to insure applicability of data design
• Design applicable reporting structures for presentation to management
• Ensure data integrity is maintained from creation/capture through reporting
• Project wrap-up and documentation

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Analysis of Web Server / Site for Confidential Deficiencies and Vulnerabilities
• Analysis of pitfalls from non-compliance to PCI - DSS 3.2 standards and resulting potential fines
• Create and implement Data Loss Prevention (DLP) and Minimal Access plan
• Create and implement data recovery and back up plans
• Mitigate kill chain and Advanced Persistent Threats (APT)
• Review and update funds transfer and personnel data procedures
• Recommend on avoiding email phishing and social engineering

Confidential

Responsibilities:

• Encrypt networked data
• Segregate sensitive devices on network
• Create and implement Data Loss Prevention (DLP) plan
• Create and implement data recovery and back up plans
• Mitigate kill chain and Advanced Persistent Threats (APT)
• Review and update funds transfer and personnel data procedures
• Train on email phishing and social engineering
• Remove social media information from company’s web sites to lower social media attack surface

Confidential

Web Developer

Responsibilities:

• Review Types of Data Breached from Cyber Attacks
• Costs of Data Breached from Cyber Attacks
• Review RISK Profile
• Examine Confidential Vulnerabilities
• PII, PHI, PFI, CCI, DCI
• Impact of Cyber Warfare
• FERPA Potential Fines (FUTURE)
• Back-Up of Log files for Adequate Forensics

Confidential

Representative Master

Responsibilities:

• Enhance substation and distribution network physical defense via projectile shredding perimeter fencing
• Protect against potential physical damage from drones
• Implement Confidential CIP V5 (mandatory)
• Investigate alternate energy sources - small commercial nuclear fusion reactors over distributed network (Lockheed)
• Review NA grid vulnerabilities with George R. Cotter, NSA retired Chief Scientist
• Review impact of high activity EMP from Coronal Matter Ejection (CME) on NA grid

Confidential

Responsibilities:

• Create and implement Data Loss Prevention (DLP) plan
• Create and implement data recovery plan / Validate Backup
• Review and update business continuity plan
• Audit protection and security policies, procedures, and provisions (independent)

Public Utility Provider

Confidential

Responsibilities:

• Define organization data flows
• Enhance vulnerability management lifecycle understanding from both sides of network boundaries
• Minimize man-in-the-middle attack surface profile

Confidential

Responsibilities:

• Increase understanding of internal vs. external black hats intent on Intellectual Property (IP) theft (70% of companies are unprotected from insider theft or attack)
• Eliminate hot USB ports on networked devices vulnerability
• Implement data encryption and communities-of-interest to protect IP and limit access by unauthorized personnel
• Review and update business continuity and DLP plans

Government Sub-Contractor

Confidential

Responsibilities:

• Implement multi-factor ID authentication
• Network
• Application
• Initiate off-site network log file retention, adding cyber attack post-mortem capability
• Create cyber security incident response team
• Develop cyber security incident response plan to lower costs if/when cyber incident occurs
• Emphasize importance of joining InfraGard

Pharmaceutical Manufacturer

Confidential

Responsibilities:

• Review Capabilities and Capacities of Candidate Software Packages
• Evaluate effectiveness of Application to deliver user companies’ mandated requirements
• Complete MATRIX of Application capabilities and User Satisfaction
• Rate Vendor’s responsiveness to User’s Service Calls
• Rate Vendor’s reliability of product in User’s environment